Cybersecurity as a
Business Differentiator
February 28, 2017
Presented by
Susan Whittemore
VP, Enterprise Cybersecurity
Fidelity Investments
1
Susan Whittemore
VP, Consulting, Enterprise Cybersecurity
Profile
Previous Positions
• Joined Fidelity in 2007
• Senior-level cybersecurity positions at:
• Leads a security consulting team
serving the enterprise
• Manages the information security
office for several business units
• Over 20 years in the cybersecurity
field
• Previous positions in audit, accounting,
and operations management
Education
BS Business Administration
Worcester State University
2
2
Strategic Forces Shaping Cyber
Significant Cyber Events in 2016
Social
Media
Infrastructure
& Government
Business
2016
Events
Hospitality
3
Healthcare
3
The Threat Landscape
• Impact: Costly regulatory
inquiries and penalties,
consumer and shareholder
lawsuits, loss of consumer
confidence
• Motivation: Financial gain
•
Impact: Competitive advantage, trade secret
disclosure, operational disruption, brand and
reputation
•
Motivation: Personal advantage, monetary gain,
professional revenge, patriotism
•
2017 Outlook: More organizations will implement
insider threat mitigation programs and processes
•
Impact: Disruption of business activities, brand and
reputation, loss of consumer confidence
•
Motivation: Negatively impact reputation, drive
attention to a cause, pressure for change
•
2017 Outlook: Expected to escalate attack methods
with high-profile data breaches
•
Impact: loss of competitive advantage, disruption
to critical infrastructure
•
Motivation: Economic, political, and/or military
advantage
•
2017 Outlook: Will continue to strengthen their
defensive and offensive cyber skills
• 2017 Outlook: Cyber-extortion
will continue to rise
4
4
Cybersecurity
The cost and risks of cyber attacks are increasing
Cyber Threat Landscape
• Cybersecurity events and costs are increasing:
– 79% of survey respondents detected a security incident in the past 12 months1
– Average total cost of a data breach increased 23% over the past two years2
– Average cost paid for each lost / stolen record increased 6%1
Industry Outlook
• Data breaches are expected to reach $2.1 trillion globally by 20193
• 76% of survey respondents1 were more concerned about cybersecurity threats than in previous 12 months:
– Increase from 59% in 2014
Reputational Risk
• An IT security breach can have serious implications in how a company is perceived:
– 46% of companies suffered damage to reputation & brand value due to a security breach4
– 19% of companies suffered damage to reputation & brand value due to a third-party security breach
or IT system failure4
• The risk of losing customer trust is significant and rising:
– 82% of customers would consider leaving an institution that suffered a data breach5
5
Source: 1U.S. State of Cybercrime Survey, 2Ponemon Institute, 3Juniper Research , 4Forbes
5
Cybersecurity
A critical part of a company’s business strategy
• Board level engagement, business driven strategy
• Risk based approach is key — threats vary according to industry, but all industries
are vulnerable
• As technology advances, so do the threats; it is harder than ever to protect business
processes and information
• Compliance and regulatory requirements are a factor
• Strategy must be consumable and scalable
The U.S. Government has identified cybersecurity
as “one of the most serious economic and national
security challenges we face as a nation”
1
6
Source: 1U.S. White House Office
6
Cybersecurity = Trust = Business Value
Cyber is a compelling business differentiator
• Safeguarding intellectual property, financial information, and a company’s
reputation is fundamental to business strategy
• Clients expect their data and their assets to be secure, and services to be
available
• Cyber is not just about technology, it’s also about people and processes
• A diverse and talented workforce can be the difference between cyber being
viewed as a technology solution or as a business differentiator
7
7
1 million cybersecurity
job openings globally in 2016*
8
*Cisco, 2016; 1Information System Security Certification Consortium, 2015;PricewaterhouseCoopers, 2015; Burning Glass, 2015; ISC2, 2015; Cybersecurity Ventures, 2016
8
Tips for Success
• Be opportunistic and persistent
• Consider your brand
• Develop expertise
• No excuses!
9
9
Questions
10